The Professional Security Testers Warehouse for the GPEN GSEC GCIH GREM CEH QISP Q/ISP OPST CPTS: In the News
Protect yourself against ARP Poisoning attacks Posted by cdupuis on Tuesday, 08 June 2010 @ 14:39:20 EDT (873 reads) Topic In the News
Hi! ArpON (Arp handler inspectiON) is a portable handler daemon that makes Arp secure in order to avoid Arp Spoofing/Poisoning & co. This is possible using two kinds of anti Arp Poisoning techniques: the first is based on SARPI or "Static Arp Inspection", the second on the DARPI or "Dynamic Arp Inspection" approach.
Features:
- It replaces Arpwatch & co; ArpON blocks;
- It detects and blocks Arp Poisoning/Spoofing attacks in statically configured networks;
- It detects and blocks Arp Poisoning/Spoofing attacks in dynamically configured (DHCP) networks;
- It detects and blocks unidirectional and bidirectional attacks;
- It manages the network interface into unplug, boot, hibernation and suspension OS features;
- Easily configurable via command line switches, provided that you have root permissions;
- It works in userspace for OS portability reasons;
- Tested against Ettercap, Cain & Abel, dsniff and other tools.
Links:
http://arpon.sourceforge.net
http://arpon.sourceforge.net/documentation.html
http://arpon.sourceforge.net/manpage.html
http://arpon.sourceforge.net/download.html
Thank you,
Andrea Di Pasqual
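The two inspection approaches named above, as an added example that is not ArpON's own code: a SARPI-style inspector judges every ARP reply against a fixed IP-to-MAC table, while a DARPI-style inspector accepts only replies that answer a request this host itself sent, which is what a DHCP network without a fixed table has to rely on. All addresses and the packet trace are constructed for the demonstration.

```python
from dataclasses import dataclass

ARP_REQUEST = 1
ARP_REPLY = 2


@dataclass(frozen=True)
class ArpPacket:
    """Only the ARP fields the inspectors look at (constructed, not a wire parser)."""
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


class StaticArpInspector:
    """SARPI: one trusted IP->MAC table, fixed at configuration time."""

    def __init__(self, table):
        self.table = {ip: mac.lower() for ip, mac in table.items()}

    def inspect(self, pkt):
        """Return (accept, reason). Replies are judged against the table only."""
        if pkt.op != ARP_REPLY:
            return True, "not a reply"
        expected = self.table.get(pkt.sender_ip)
        mac = pkt.sender_mac.lower()
        if expected is None:
            return False, f"no static entry for {pkt.sender_ip}"
        if expected != mac:
            return False, f"{pkt.sender_ip} announced as {mac}, table says {expected}"
        return True, "matches static table"


class DynamicArpInspector:
    """DARPI: accept only replies that answer a request this host sent.

    Gratuitous replies (the usual poisoning vector) have no matching request
    and are dropped; once a request has been answered, any further reply for
    the same IP is again unsolicited. A reply that races the genuine one to
    arrive first would still win, so pair this with a short timeout and logging.
    """

    def __init__(self, own_mac, timeout=2.0):
        self.own_mac = own_mac.lower()
        self.timeout = timeout
        self.pending = {}   # IP we asked about -> time the request left
        self.cache = {}     # IP -> MAC learned from an accepted reply

    def observe(self, pkt, now):
        """Feed every ARP packet seen (in or out); returns (accept, reason)."""
        if pkt.op == ARP_REQUEST:
            if pkt.sender_mac.lower() == self.own_mac:
                self.pending[pkt.target_ip] = now
            return True, "request"
        if pkt.target_mac.lower() != self.own_mac:
            return False, "reply not addressed to this host"
        asked = self.pending.get(pkt.sender_ip)
        if asked is None:
            return False, f"unsolicited reply for {pkt.sender_ip}"
        if now - asked > self.timeout:
            del self.pending[pkt.sender_ip]
            return False, f"reply for {pkt.sender_ip} arrived after timeout"
        self.cache[pkt.sender_ip] = pkt.sender_mac.lower()
        del self.pending[pkt.sender_ip]
        return True, f"answers our request for {pkt.sender_ip}"


# Constructed addresses for the demonstration.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
OUR_IP, OUR_MAC = "192.168.1.10", "aa:bb:cc:dd:ee:01"
ROGUE_MAC = "de:ad:be:ef:00:01"


def demo_static():
    """SARPI verdicts for a genuine gateway reply and a reply claiming the gateway IP."""
    sarpi = StaticArpInspector({GATEWAY_IP: GATEWAY_MAC, OUR_IP: OUR_MAC})
    genuine = ArpPacket(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, OUR_MAC, OUR_IP)
    spoofed = ArpPacket(ARP_REPLY, ROGUE_MAC, GATEWAY_IP, OUR_MAC, OUR_IP)
    return [sarpi.inspect(genuine)[0], sarpi.inspect(spoofed)[0]]


def demo_dynamic():
    """DARPI verdicts over a constructed trace: gratuitous reply, our request,
    the real answer, then a late spoofed answer for the same IP."""
    darpi = DynamicArpInspector(OUR_MAC, timeout=2.0)
    trace = [
        (0.0, ArpPacket(ARP_REPLY, ROGUE_MAC, GATEWAY_IP, OUR_MAC, OUR_IP)),
        (0.5, ArpPacket(ARP_REQUEST, OUR_MAC, OUR_IP, "00:00:00:00:00:00", GATEWAY_IP)),
        (0.6, ArpPacket(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, OUR_MAC, OUR_IP)),
        (0.7, ArpPacket(ARP_REPLY, ROGUE_MAC, GATEWAY_IP, OUR_MAC, OUR_IP)),
    ]
    verdicts = [darpi.observe(pkt, t)[0] for t, pkt in trace]
    return verdicts, darpi.cache.get(GATEWAY_IP)


if __name__ == "__main__":
    print("SARPI:", demo_static())
    print("DARPI:", demo_dynamic())
```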
New Open-Source OS Will Feature 'Disposable' Virtual Machines Posted by cdupuis on Friday, 04 June 2010 @ 09:14:32 EDT (772 reads) Topic In the News
As seen on the great darkreading web site at:
http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=225300299

New Open-Source OS Will Feature 'Disposable' Virtual Machines
Invisible Things Lab building secure OS that better locks down the VM environment
By Kelly Jackson Higgins, DarkReading June 3, 2010 URL:http://www.darkreading.com/story/showArticle.jhtml?articleID=225300299
A new open-source operating system will come with the option of creating one-time, disposable virtual machines on the fly as a way to protect against malicious files.
Invisible Things Lab is creating these lightweight, throwaway VMs that work with traditional virtual machines in Qubes, the open-source, Xen-based OS it plans to release in beta later this summer. Qubes was architected to minimize the attack surface in the VM environment.
Disposable VMs don't provide persistent storage and are launched on a per-document basis to open a PDF, PowerPoint, or music or video file, for instance, according to Joanna Rutkowska, founder and CEO of Invisible Things Lab. They provide a safe sandbox for opening a file or attachment: If a file opened by a disposable VM is infected, the only thing it can hurt is the throwaway VM itself, not any other applications or files.
The disposable VM is clean, and its only purpose is for viewing the file, for instance; then it gets tossed away. "You still run your email client in a 'work' AppVM -- which is not disposable [because] you need to store your email client configuration, archived emails, your documents, etc. -- but you open attachments in disposable VMs," Rutkowska says.
Invisible Things Lab also plans to ultimately release a commercial version of the OS, Qubes Pro, that can run Windows applications using Windows-based application VMs.
"Our goal with Qubes is to make it usable not only by Linux geeks, but also by people like lawyers, doctors, businesspeople, and anybody who is concerned about potential compromise of their data," Rutkowska says. "Making Qubes easy to use is one of our two main goals -- the other being exceptional security."
Rutkowska, who announced the disposable VM feature in a blog post this week, says the temporary VMs run under the Xen hypervisor in Qubes. Qubes' architecture helps prevent attacks where malware escapes from a VM and infects other applications or data.
Copyright © 2007 CMP Media LLC
SecurityFocus will reduce its content and partially shut down Posted by cdupuis on Monday, 15 March 2010 @ 09:36:47 EDT (1058 reads) Topic In the News
NOTE FROM CLEMENT:
Ouch, another great web site that is shutting down or drastically reducing their activities. I think this was expected considering they were acquired by a giant who has their own information forum and advisories. It is sad to see this happening, it was really a great site for many, many years. However, reality is that it does cost money to maintain such a portal and if you do not make enough revenues you are left with one choice: closing down.
As seen on the HSecurity website:
SecurityFocus to partially shut down

Symantec has announced that it plans to shut down part of its SecurityFocus security information portal. The company says that only the Mailing Lists, including Bugtraq, and its Vulnerability Database will remain online. Starting on the 15th of March, SecurityFocus will begin transitioning its content to the Symantec Connect site.
Founded in 1999, SecurityFocus was acquired in 2002 by Symantec, the company behind another acquisition, the popular Norton range of security products. In addition to its various mailing lists and vulnerability database, SecurityFocus maintains a comprehensive collection of articles and papers on a number of security issues. The site has also served as a reliable source for news from security experts on the latest security threats and problems.
See original post at: http://www.h-online.com/security/news/item/SecurityFocus-to-partially-shut-down-952967.html
HPING3 Cheatsheet Posted by cdupuis on Wednesday, 03 March 2010 @ 09:57:45 EST (771 reads) Topic In the News
Security+ Tutorial for the CompTIA certification SY0-201 Posted by cdupuis on Saturday, 13 February 2010 @ 11:04:40 EST (9472 reads) Topic In the News
Good day to all,
Today I am proud and excited to announce our new series of Flash Based Tutorials for the Security+ certification exam from CompTIA. Our intent is to produce one tutorial per domain, as well as MP3 files, quizzes, cram study guides, and to give you the ability to prepare and pass the exam the first time you try it after you have studied all of the domains. The tutorial can be used as a supplement to your live classroom training or as your main source of study.
Countless hours have been spent on creating unique content that is well researched and well presented. We did produce quite a few diagrams using drawing tools such as Visio to help you understand key topics. The graphics and content are 100% from CCCure and whenever we use resources such as books or online content we have included a reference to the source.
We hope that you will enjoy this new series of tutorials and your feedback is most welcome. Feedback could include tips and tricks, reporting typos, suggesting new content, or anything else you think of that can help us improve the content and benefit others. If you know of URLs, documents, sites, or anything else related to the Security+ Certification please do let us know and we will add it to our download and links resources.
HOW MUCH WILL THIS COST ME?
This is always the big question. You probably heard me say in the past that NOTHING IS FREE, I still stand by this statement. However, I think I have an approach that is very appealing and you will most likely appreciate it.
I came out with this new DonationWare approach. The way it works is very simple, instead of buying the tutorials at $400 to $700 which is a lot of money, I will let you make use and learn from my tutorials and once you have made it through, you make a donation of an amount that you determine yourself if you can afford it. It is totally up to you whether or not you wish to donate.
This is the approach I am going to use for the first domain of the Security+ series of tutorials. This approach is based on the honor system which is a great value from my military days. Nobody will be running after you with an AK47 to get your money :-)
Based on the success or failure of this new approach, the future of the other domains will be decided. It is up to you to decide if you wish to support this approach or if you prefer that I do like other content publishers and sell it instead for a large amount of money :-) I think the decision is a no brainer...
The second requirement is that you must create an account (see link below) on our portal to access the material. As stated very clearly in our Usage Agreement: I will send you advertising from our sponsors once in a while and this is the price to pay to be a CCCure portal member. I will never sell or give your email address to anyone else. I will pass messages from my sponsors but they do not get access to your email address. The messages you will receive are related to higher education or security products; I do not send emails on male enhancement products, lottery schemes, etc... Usually we send only a few messages per month, you will not be inundated with traffic. Please read our Usage Agreement before joining.
Click on this link to create your account now
FLASH BASED TUTORIAL FOR EACH OF THE DOMAINS 
1. Domain 1 - System Security (Click this link to access the tutorial)
MP3 FILES FOR EACH DOMAIN 
1. Domain 1 - System Security (Click here to listen to the MP3 online)
1. Domain 1 - System Security (Click HERE to download a copy of the MP3 file to listen offline)
ARE YOU AN INSTRUCTOR, A TRAINING COMPANY, A COLLEGE, A UNIVERSITY ??
Our resources are NOT to be used within any commercial offering, bundle, or media compilation without you obtaining a license first.
If you are an instructor, a training company, or a higher education institution, and you are interested in helping your students in their learning path, helping them achieve their certification goals, we will be pleased to license our resources for your own usage within your commercial offering.
We do have very attractive pricing for you and I am sure you will like it. Our license price is less than what you would pay for a few days of work from a skilled courseware developer. We have done the work and you can reap the rewards. Send me an email at clement(dot)dupuis[at]cccure(dot)com if you are interested.
Best regards to all
Clement
Hacking games: Key to finding cybersecurity talent Posted by cdupuis on Friday, 12 February 2010 @ 08:14:22 EST (961 reads) Topic In the News
Anonymous writes "To catch a thief, you must think like a thief - the best way to defend an asset is to get inside the head of the attacker and predict his actions. That's the opinion of Alan Paller, founder of the SANS Institute and creator of NetWars, an online cybersecurity simulation game in which contestants compete against each other by hacking into and controlling the game's 12 servers, leaving their user name in them to prove they did it. Last July, when NetWars was presented, the honor to play the first round was given to 75 students who have considerable knowledge of cyber attack and defense techniques. But of those, only one showed the kind of reasoning that can be linked to that of a hacker. According to Forbes, Michael Coppola, a 17-year-old high school junior, ignored the main targets and took control of the game's scorekeeping algorithm. At the end of the game, his score was three times higher than everybody else's. One could say that he was cheating, but thinking outside the box and the willingness to break the rules are the principal requirements for a hacker and, as Alan Paller would argue, they should be equally important for cyber defenders. "This is a skill we need Americans to have. But even more we need to find the ones who are already talented and make sure they're working for the good guys," he says. He sees NetWars, the Air Force's Cyber Patriot competition, the Department of Defense's Digital Forensics Challenge and other such competitions as a great method to discover and foster talented individuals who will become one of the 20,000 skilled cybersecurity experts America is in need of. But NetWars is fairly controversial because, unlike the other competitions mentioned, it focuses mainly on cyber offense.
While Sanford Schlitt, coordinator of the Cyber Patriot competition, thinks that teaching kids to find vulnerabilities and exploit them will result in the creation of hackers, some government agencies and even some companies think Paller is on the right track, and are offering internships to winners.
See original posting at: http://www.net-security.org/secworld.php?id=8859 "
More evidence of value of security certification Posted by cdupuis on Tuesday, 09 February 2010 @ 16:37:18 EST (1093 reads) Topic In the News
Anonymous writes "This story appeared on Network World at http://www.networkworld.com/news/2010/020810-security-certification.html
More evidence of value of security certification
By M. E. Kabay, Network World February 08, 2010 12:04 AM ET
This is the second of five articles discussing the benefits (if any) of security certifications in the job market. In the first article, a number of studies suggested that certifications do indeed improve prospects for hiring and higher salaries.
In this article, I conclude the review of recent studies and surveys with yet more encouraging news for holders of security certifications.
* * *
In June 2008, NetworkWorld writer Jon Brodkin pointed out that "Overall, the value of 164 IT certifications measured by Foote dropped 4.9% the past two years and 1.6% in the six-month period ending April 1 [2008]." However, Brodkin wrote, "Some certifications are bucking the trend and rising in value. IT security certifications rose 3.1% in value over the past two years and 1.2% in value in the last six months. Certain types of security skills are seeing dramatic growth. A 27% rise in value was measured for the Certified Information Security Manager designation, just in the past six months. In second place with a 25% rise in the last six months was the GIAC Security Expert cert."
In a follow-up article, Brodkin reported on a survey carried out for the International Information Systems Security Certification Consortium, (ISC)^2, which showed "that holders of the CISSP, SSCP or CAP certifications who work in the Americas and have at least five years experience earn [an average of] $102,376 per year – more than $21,000 higher than IT pros who also have five years experience but lack the certifications."
Reporting on the popularity of security certifications, Joan Goodchild of CSO Magazine wrote about a CompTIA survey that came out in late October 2009. The study of more than 1,500 IT workers found that many of them planned to pass certifications in security, ethical hacking and digital forensics.
Goodchild added …[M]ore companies are requiring IT security certification…. [T]he number of organizations where IT security certification is required has increased by half and is continuing to grow; 32% of employees were required to have certifications in 2008, compared to 20% in 2006.
Foote Partners maintains a database with constant updates to produce its annual "IT Skills and Certifications Pay Index." The latest edition (as of this writing in the first week of January 2010) includes "data collected through January 1, 2010." A 55-page PDF sample of the $2,500, 305 page quarterly report ($9,750 for a year's worth of reports) is available free online to illustrate the format of the report (most of the charts have been redacted to blanks).
Among the 201 specializations studied by Foote Partners, 34 certifications specifically involve security, auditing, forensics or penetration testing.
Founder David Foote, who also serves as Foote Partners' CEO & Chief Research Officer, was quoted in a Dec. 31, 2009 interview in a Bank Information Security podcast as saying that "Information security is the hot career option for professionals in 2010 and beyond." He was also interviewed back in August 2009 by Carolyn Gibney of SearchSecurity and said much the same thing: "Foote says there's reason for those in the security industry to be optimistic."
The Jan. 5, 2010 issue of the System Administration and Network Security (SANS) NewsBites started with the following assertion in an advertisement for the organization's courses:
The hottest security skills employers are seeking for 2010:
1. Red teaming/penetration testing (systems/networks and applications)
2. Forensics
3. Security essentials
4. Reverse engineering malware
5. Auditing networks and systems (hands-on testing)
6. Intrusion detection
7. Security management and leadership
8. Securing virtual systems
9. CISSP certification
Plus: Effective presentation skills for security professionals.
This last point is important: in addition to technical skills, communications and management skills are valuable to IA professionals. Recently Paul Dorey, chairman of the Institute of Information Security Professionals in Britain, was quoted as follows:
"We are entering a time when IT security people are going to have to move from being merely advisers to the business to real professionals whose views are listened to," he said. As IT supports every aspect of life, security breaches become potentially life-threatening or disastrous for their organisations. Just as bridge designers and structural engineers work to common and consistent standards and are therefore respected, he said, so security professionals should command the same level of respect.
For that to happen, security professionals need to communicate effectively with a wide range of disciplines – including audit, risk assessment and compliance, IT and engineering. "They need to be like chameleons to fit into those disciplines," he said. "You may not become an expert in them all, but you must at least don the facade. ... Get some mentoring to help you understand them."
In the next article in this five-part series, I'll look at the wider context of certification and licensing for a range of professionals in the United States and point to the efforts beginning in the early 2000s to force certification for IA officers in the U.S. Department of Defense.
All contents copyright 1995-2010 Network World, Inc. http://www.networkworld.com
"
Is my network part of a Botnet -- How do I find out? Posted by cdupuis on Thursday, 04 February 2010 @ 18:01:28 EST (966 reads) Topic In the News
Welcome to BotHunter Central
Latest release: version 1.5
BotHunter is a U.S. Registered Trademark of SRI International, 2009. (1) Patent Pending.
BotHunter 1.5 Development Team: Phillip Porras (Lead), Martin Fong, Keith Skinner, Steven Dawson, Rukman Senanayake, Leigh Moulder
BotHunter is developed and maintained by the Computer Science Laboratory, SRI International
BotHunter is the first, and still the best, network-based malware infection detection system out there. It tracks the two-way communication flows between your computer(s) and the Internet, comparing your network traffic against an abstract model of malware communication patterns.(1) Its goal is to catch bots and other coordination-centric malware infesting your network, and it is exceptionally effective. BotHunter will help you catch malware infections that go regularly undetected by antivirus systems and completely ignored by traditional intrusion detection systems. Let's find out who really owns your network.
Get BotHunter Now (FREE) and Check Out: BotHunter2Web
NOW HUNTING ON: Windows, Linux, FreeBSD, MacOS
A new version of [IN]SECURE magazine is ready for download Posted by cdupuis on Wednesday, 03 February 2010 @ 10:45:50 EST (742 reads) Topic In the News

DOWNLOAD ISSUE 24 HERE (February 2010)
- Writing a secure SOAP client with PHP: Field report from a real-world project
- How virtualized browsing shields against web-based attacks
- Review: 1Password 3
- Preparing a strategy for application vulnerability detection
- Threats 2.0: A glimpse into the near future
- Preventing malicious documents from compromising Windows machines
- Balancing productivity and security in a mixed environment
- AES and 3DES comparison analysis
- OSSEC: An introduction to open source log and event management
- Secure and differentiated access in enterprise wireless networks
- AND MORE!
The H Security: Scareware becomes ransomware again Posted by cdupuis on Monday, 01 February 2010 @ 05:42:20 EST (857 reads) Topic In the News
Scareware becomes ransomware again
Data Doctor 2010 will allegedly repair files, for a price. Rather than infected files, the latest scareware uses allegedly corrupted files to alarm users. The setup work is performed by a trojan known as W32/DatCrypt, which encrypts files including office, image and MP3 files. When the user then tries to open any of these files, Windows reports them as being corrupted.

Where previous encrypting trojans, such as GPCoder, have demanded a payment from the victim in order to decrypt files (ransomware), the criminals behind this particular attack have taken a more brazen tack. They offer the victim a program called Data Doctor 2010, which will allegedly repair the files, for download. The 'trial version' of Data Doctor downloaded then reports that it is only able to repair a single file, and that repairing all the user's files will require the full version costing around €90.
Happily for victims, anti-virus software vendor Sunbelt has provided a free downloadable tool (direct download) for repairing files without the intervention of Data Doctor. The tool simply decrypts the encrypted files, which use a simple encryption algorithm. Malware specialist FireEye reported a similar case back in early 2009. The alleged repair tool in that case was entitled FileFix Pro 2009 and was priced at €50.
Meanwhile Eset is warning of a new worm called Zimuse, which overwrites the master boot record on infected systems. BitDefender has also issued a warning about Zimuse, but claims that it destroys hard drives using malicious code. What is unanimously agreed is it does not do so immediately upon infecting a system but, depending on the variant, 20 or 40 days later by rendering the system unbootable. It is usually possible, however, to repair the system by using a repair CD to restore the MBR, allowing a normal Windows installation to once more boot.
Zimuse is being spread via infected USB sticks and via the web as a downloadable IQ test. Eset believes that the malware was originally targeted at members of a Slovakian bikers' club. Most initial reports on the spread of the worm came from Slovakia, but this has now been overtaken by the USA, followed by Slovenia, Thailand, Spain, Italy and the Czech Republic. Eset has provided a tool for removing the malware, but this is only useful before the MBR has been overwritten.
New logo for the CCCure Family of Portals Posted by cdupuis on Friday, 29 January 2010 @ 22:16:55 EST (812 reads) Topic In the News
Today I am happy to present our new logo:

Our new logo represents very well the mission of CCCure and its family of portals.
It shows that our mission is Education, Information System Security, helping people worldwide.
Every month we have people from more than 125 countries that are making use of our portals. That's over 100,000 unique visitors overall. We are proud today to show our new identity, the next time you see it you will know it is not a clone, a rogue, or a fake. It is the real thing.
Thanks to all who supported us over the past ten years.
Best regards
Clement, Nathalie, and Alain
Site Owners and Maintainers
What is rogue security software? Posted by cdupuis on Thursday, 28 January 2010 @ 14:10:38 EST (910 reads) Topic In the News
NOTE FROM CLEMENT:
Not too long ago I was asked in class what is the name of the popups suggesting to you tools to stop malware. I know exactly what they do but I was not sure about the exact name or jargon used for it. Today I have seen my answer on Lavasoft.com:
Rogue security software is an application that appears to be beneficial from a security perspective but provides little or no security, generates erroneous alerts, or attempts to lure users into participating in fraudulent transactions. Some products defined as "rogue" simply fail to provide the reliable protection that a consumer paid for. Others are far more sinister, masquerading as legitimate security software, and using deceptive tactics to con users into buying the product.
Why do you need to know about rogues?
Unfortunately for computer users, the number of rogue security and anti-malware software, also commonly referred to as "scareware", found online is rising at ever-increasing rates, blurring the lines between legitimate software and applications that put consumers in harm's way. And that means that instead of purchasing a program to protect your PC, you may actually be playing into the hands of cyber scammers, falling for bogus software specifically designed to mislead you.
What can you do to keep from falling for rogue programs?
- Do not fall for scare tactics. While browsing sites, be cautious of pop-ups warning you that your system is infected and offering a product to clean it up. Never pay for a program that installed itself to your computer. This is a hallmark of rogue software.
- Use security software and keep it up-to-date. If you know that you have anti-virus, anti-spyware, and a firewall on your PC, you can safely ignore security alerts you receive that do not come from your chosen security software provider. (Rogue security software will often try to lure computer users by using legitimate-looking pop-up messages that appear to be security alerts.) Also, most anti-malware programs, like Ad-Aware, will help keep you protected from rogues because they can find and detect these programs.
- Access experts at the Lavasoft Support Forums or other security forums and ask about the software you are considering before you decide to purchase it.
- Read the software reviews at reputable sites like Download.com. Do not blindly trust individual sites offering security products. You can also refer to Lavasoft’s Rogue Gallery to check to see if a program in question is listed as a rogue.
- Ask knowledgeable friends and family members about quality software they use. Keep in mind that when you search for trustworthy security software online, rogue products can, and often do, appear in the search results list.
- Practice online skepticism. Be aware that rogue security software does exist on the Web, and be vigilant about avoiding it. These programs are designed to appear genuine - meaning they may mimic legitimate programs, use false awards and reviews to rope you in, or employ other deceptive tactics. It’s also a good idea to familiarize yourself with common phishing scams, and to be cautious of links in e-mail messages and on social networking sites.
From Lavasoft library at: http://www.lavasoft.com/mylavasoft/rogues/help
News from the Pauldotcom Crew Posted by cdupuis on Friday, 15 January 2010 @ 19:48:56 EST (957 reads) Topic In the News
All: First, I would like to thank all of you for participating in our community Forum (http://forum.pauldotcom.com).
I wanted to give you a brief update on some of the things happening at PaulDotCom and invite you to our new community site called "PaulDotCom Insider". As some of you already know we are launching our own webcast series. This is a very important step for us in order to maintain our sponsors and help fund PaulDotCom. There are two webcasts happening this month, and both give you a chance to win a FREE Ipod Nano! Information is below:
Title: Practical Client-Side Exploitation Kung Fu
Description: In this webcast we will explore the tools & techniques needed to perform successful client-side exploitation. Practical methods for information gathering, target selection, and exploit delivery will be covered.
Date: Thursday, January 21, 2010
Time: 2:00 PM - 3:00 PM EST
Sponsor: Core Security Technologies
Register Here: https://www1.gotomeeting.com/register/171250512
Title: Practical Web Application Pen Testing Kung Fu
Description: In this session John & Paul will guide you to performing more successful web application penetration testing. You will learn how to balance automated tools with manual testing, strike vulnerabilities with the highest chance of exploitation, and more!
Date: Tuesday, January 26, 2010
Time: 2:00 PM - 3:00 PM EST
Sponsor: Cenzic
Register Here: https://www1.gotomeeting.com/register/290940024
I would also like to invite you to join our new, work in progress, insider community. The "PaulDotCom Insider" will provide exclusive access to premium PaulDotCom content. The invitation link is as follows: http://pauldotcom.ning.com/?xgi=2Br1mRu8PUjiw8
We still plan to keep the current Forum as it stands today. Thanks for your help and support!
Cheers,
Paul
--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
_______________________________________________
Pauldotcom-forum mailing list
Pauldotcom-forum@mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom-forum
New Magazine: Hack In The Box (HITB) Ezine is launched Posted by cdupuis on Thursday, 14 January 2010 @ 17:59:32 EST (909 reads) Topic In the News
Welcome to 2010! We are proud to announce the immediate availability of our newly "reborn" HITB ezine! You can grab your digital copies here: https://www.hackinthebox.org/misc/HITB-Ezine-Issue-001.pdf As some of you may know, we've previously had an ezine that used to be published monthly, however the birth of the HITBSecConf conference series has kept us too busy to continue working on it. Until now that is... As with our conference series, the main purpose of this new format ezine is to provide security researchers a technical outlet for them to share their knowledge with the security community. We want these researchers to gain further recognition for their hard work and we have no doubt the security community will find the material beneficial to them. We have decided to make the ezine available for free in the continued spirit of HITB in "Keeping Knowledge Free". In addition to the freely available PDF downloads, combined editions of the magazine will be printed in limited quantities for distribution at the various HITBSecConf's around the world - Dubai, Amsterdam and Malaysia. We aim to only print somewhere between 100 or 200 copies (maybe less) per conference so be sure to grab a copy when they come out! Happy New Year once again and we hope you enjoy the zine!
Encryption code for DECT mobile phones cracked Posted by cdupuis on Monday, 04 January 2010 @ 08:42:55 EST (909 reads) Topic In the News
Anonymous writes "HERE IS ANOTHER GREAT PIECE OF NEWS FROM THE H SECURITY WEBSITE:
In addition to the crypto algorithm of the GSM mobile telephony standard, security researchers have also cracked the encryption code for calls from cordless phones that are based on the widely used Digital Enhanced Cordless Telecommunication (DECT) standard. This was announced by members of the deDECTed.org project group at the 26th Chaos Communication Congress (26C3) in Berlin on Tuesday. According to the researchers, the respective key used can be extracted from intercepted data traffic with a reasonable amount of effort. The experts think that such prep work will make the DECT Standard Cipher (DSC) "increasingly easier and faster to crack".
At last year's hacker conference, members of deDECTed had already pointed out severe flaws in the implementation of the DECT security features. They had used a modified laptop card and a Linux computer for intercepting DECT phones. When running their tests, the researchers noticed that occasionally no encryption process whatsoever exists between the transmitting base station and the handset. Often, the handset simply authenticates itself at the base station in the same way that is stipulated by the GSM mobile telephony standard. In other devices, the base station did authenticate itself, but without encryption. In all of these cases, the hackers were able to record active conversations in plain text.
At the time, however, the group was unable to successfully simulate an attack on the secret DSC. Now, the researchers have made further progress, which effectively means that phone conversations via DECT devices must be considered insecure even if a vendor has correctly implemented the standard's prescribed encryption features. According to crypto researcher Karsten Nohl, who has since joined the deDECTed team, one of the reasons for this is that engineers already worked sloppily when implementing the encryption code, reducing the initially planned additional process security measures such as redundant rounds in favour of a faster encryption.
The experts soon found first indications that "something's wrong with the encryption" of DECT, said Nohl. According to the researcher, the use of a proprietary cryptography standard whose operational principles are undisclosed, for instance, almost guarantees that the process will be easy to crack. The researchers were reportedly also unable to locate a good method for generating the random numbers required by the encryption mechanism. They generally found "a lot of design flaws", said Nohl. For instance, the wireless standard fully trusts the base station although the secret key is stored in the handset, he said.
According to Darmstadt-based crypto researcher Erik Tews, DSC is slightly more sophisticated than its A5/1 counterpart for GSM. An illustration in the relevant patent document shows that the algorithm consists of four registers with a total of 80 bits, he explained. The generated keys are reportedly loaded by a control unit at irregular time intervals. This process is always preceded by 40 redundant rounds, which simplifies intercepting the encrypted data stream, said the researcher. Furthermore, the hackers reportedly found a write command that proved useful in reverse engineering.
Tews described a laborious piecemeal process in which the researchers repeatedly used algebraic methods and a modified variant of a Linux-based DECT protocol stack to compare the assumed sequences within the encryption registers with the actual data they measured. Once they had found a few "crack here" signs, they started a linear cryptanalysis, he said. This reportedly enabled them to establish a register's number of clock cycles with a probability of 12 per cent. By evaluating half a million intercepted encrypted data streams, the researchers then reportedly managed to crack the DSC on a PC. The group intends to publish more details in mid January.
It was also necessary to figure out the precise operation of the DECT encryption code, Tews explained when outlining the group's next steps; one way of achieving this is to analyse the control traffic via the "A field" of the cordless phone's appropriate C channel, said the researcher. In addition to the dialled number sequences or constantly updated information about the duration of the current conversation, this traffic apparently also contains the required "keystream". The researchers reportedly needed 24 hours of recorded data material to establish the actual key used. Evaluating the B field, which generally contains voice data, reportedly allows the process to be completed much faster based on three hours of data traffic. However, this requires silence to be transmitted, said Tews. This is apparently the case when the handset is used as a "bug", for example when used as a baby monitor.
Before the presentation, the researchers informed the DECT forum of their findings. The alliance behind the standard acknowledged the vulnerabilities and referred the researchers to a new, open cryptography approach it is co-developing with the European Telecommunications Standards Institute (ETSI). An appropriate short-term update of DECT is reportedly already scheduled to be adopted in spring 2010. The forum is apparently also in the process of establishing a formal certification procedure for DECT-based devices and intends to discuss further improvements with the deDECTed team. Until then, the group itself recommends that users only buy phones whose firmware they can update manually. In general, it is advisable to keep conversations on cordless phones short and avoid silence, said the experts.
URL of this Article: http://www.h-online.com/security/news/item/26C3-Encryption-code-for-DECT-mobile-phones-cracked-893794.html "